With smartphones we store a huge amount of personal and organizational sensitive information. While cybersecurity hardening for the servers, pc/endpoint computers have greatly improved and adopted. Mobile device protection is yet not in the stage of “consideration” for many. Hence, hackers consider smartphones now as a much more exposed target.With the advent of sophisticated “zero click zero day” malware targeting mobile device platforms and the kind of cyber-espionage campaigns that are being surfaced, it is critical to take the action quickly.

A zero click zero day can be understood as – “Unknown exploitable vulnerability” (known to and exploited by threat actors) if targeted could compromise the subject by sending a simple URL that didn’t even need to be clicked/ triggered by victim or just by visiting a website.

In the recent findings by industry researchers, a simple message with link, or a whatsapps video miscall could compromise a vulnerable mobile device.This opens up a lot low hanging and need for immediate action.
Put together, below are a few telltale signs of a malware infected mobile device;

• Unknown apps in your device / apps getting installed automatically
• Frequent restarts of device
• Slowdown, Sluggish performance
• Significant drop in device battery backup cycles
• Sending receiving cryptic text messages and calls –by itself
• Strange background noise during the calls
• Abnormalities in data/network usage.
• Lost credentials of other accounts

Barring device problems, these are considered among the major sings of malicious activity in mobile devices.

What can be done to secure?
Modern malwares are engineered to “not getting found”, Unless we act cautiously it is difficult to defend also with advance capabilities like clearing the traces and self-destruct features, prevention is always better than cure. Here are our recommendations.

• Always keep the mobile operation system up-to-date.
• Ensure your smart device is protected with mobile endpoint security.
• Download only secure applications.
• Restrict apps and their permission to minim required and disable information sharing between apps.
• Avoid connecting to public untrusted wifi networks or mobile charging kiosks.
• Disable Bluetooth / IR/ NFC etc when not in use.
• Avoid rooting your device
• Enterprises and business must consider deploying enterprise mobility management (EMM) technology.

* Disclaimer:  The above blog post is of information purpose only.

The post Telltale signs of a compromised mobile device and malware infiltration appeared first on Teksalah - Beyond Solutions.

Fileless malware is a type of malicious code, that is advance in nature which uses legitimate programs to infect a computer that exists exclusively memory-based.

It is known to hijack programs and tools of the victim’s system for attacking. As simple as PowerShell, Shell, WMI, macros becoming vulnerable for executing malicious code. This does not rely on traditional malware techniques and leaves very little to no-footprint, making it challenging to detect. In most cases, it becomes traceless with a reboot of the system.

Fileless malware attacks know to evade defenses like – application whitelisting as they take advantage of applications that are already installed and are on the approved list.

To understand further, no operating system is foolproof and the industry has seen advance fileless malware attacks on Windows, Linux, and other OS platforms. Similar to most of the attacks, fileless attacks are known to be using email spear-phishing, social engineering techniques and lateral moment to gain access rights to their targets. Mostly by taking over vulnerable legitimate programs and riding on their back.

Approaches to detect the infection

Chances are that your EPP/ EDR may have been bypassed already, and if they don’t help in detection, using below approaches would help you uncover an ongoing attack.
⁃ A well-tuned SIEM can help in detection. Usually based on the correlated behavior that the infected triggers.
⁃ A Threat hunting exercise; analyzing through ‘in-memory’ and system file integrity analysis.
⁃ Digital forensics (labor and $ intensive)

Approaches know to prevent

-Nothing beats keeping software up to date with patches.
⁃ Sound endpoint protection in combination with Gateway email threat prevention.
⁃ Reducing the attack surface; disabling the unwanted services, programs and exposure.
⁃ Admin user protection, Privileged Access Management to control unrestricted admin access.
⁃ Regular Penetration Testing exercises would help harden the infrastructure

Preventing and Detecting the fileless malware attacks early in the attack cycle needs an end-to-end approach addressing the entire threat lifecycle with well-defined controls in place at different layers.

Overview of a File-less malware attack/ Advance Volatile Threat:

The post Fileless Malware Attacks appeared first on Teksalah - Beyond Solutions.